rancher: [cli] Cannot switch context by clusterName:projectName
What kind of request is this (question/bug/enhancement/feature request): bug
Steps to reproduce (least amount of steps as possible):
- Create 2 clusters and add a cluster owner who is not an admin to both of them
- Login with CLI using admin user token and select one of the resulting contexts:
rancher login --token $ADMIN_TOKEN --skip-verify $RANCHER_SERVER_URL
- Switch context in CLI using clustername:projectname
rancher context switch test1:Default
–> Will result in:FATA[0000] Not found: test1:Default
- Now login with user token and select one of the resulting contexts:
rancher login --token $USER_TOKEN --skip-verify $RANCHER_SERVER_URL
- Switch context in CLI using clustername:projectname
rancher context switch test1:Default
–> Will result in:FATA[0000] Bad response statusCode [403]. Status [403 Forbidden]. Body: [baseType=error, code=Forbidden, message=projects.management.cattle.io "Default" is forbidden: User "u-b47sd" cannot get resource "projects" in API group "management.cattle.io" in the namespace "test1"] from [$RANCHER_SERVER_URL/v3/projects/test1:Default]
Result: (shown in steps above)
Other details that may be helpful: This is kind of two errors in one:
- I should be allowed to switch contexts knowing just the cluster name and project name, as the cluster name is unique. If there are multiple projects with that name in the cluster, then I would expect the general multiple-resources error:
FATA[0000] Multiple resources of type project found for name Default: [c-88rmh:p-mhvc2 c-qcqcs:p-sfpjl]
- The error messages are both misleading. I would expect since the user has access to this cluster, he should see at least the same error message as admin. The admin error message shows that it is not found, which is a bit misleading.
It might make sense to add a --cluster
flag to the context switch command so that it could be executed like: rancher context switch --cluster test1 Default
. This would probably help to remove confusion between the colon syntax which is the same as how a project ID is specified.
Environment information
- Single node install rancher v2.3.5
Cluster information
- 2 clusters, 3 nodes each all roles
- Cluster type (Hosted/Infrastructure Provider/Custom/Imported): Linode
- Machine type (cloud/VM/metal) and specifications (CPU/memory): 2gb, 1vcpu
- Kubernetes version (use
kubectl version
):
Client Version: version.Info{Major:"1", Minor:"17", GitVersion:"v1.17.0", GitCommit:"70132b0f130acc0bed193d9ba59dd186f0e634cf", GitTreeState:"clean", BuildDate:"2019-12-07T21:20:10Z", GoVersion:"go1.13.4", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"17", GitVersion:"v1.17.2", GitCommit:"59603c6e503c87169aea6106f57b9f242f64df89", GitTreeState:"clean", BuildDate:"2020-01-18T23:22:30Z", GoVersion:"go1.13.5", Compiler:"gc", Platform:"linux/amd64"}
About this issue
- Original URL
- State: closed
- Created 4 years ago
- Reactions: 4
- Comments: 20 (6 by maintainers)
we also hit this one. i think there is something missing here.
currently i can’t find anyway to switch without any human intervention to the Default project of another cluster.
To do a context switch you have to know $CLUSTERID:$PROJECTID and to determine PROJECTID using the cli you have to switch to the other cluster and do a
rancher projects ls
but there is no command that can do that !Here there is 2 options AMHA:
rancher projects ls --all-clusters
rancher cluster swicth $CLUSTERID
Am i wrong ?
Changed to enhancement as Dan’s comment above is the intended use right now.
It would be nice to have a command like
rancher context switch --cluster test Default
. Technically cluster named “test” could have multiple projects named “Default”, and in that case it should throw the same error, but if it doesn’t it would be convenient to switch contexts this way.